1
0
Fork 0
mirror of https://passt.top/passt synced 2025-08-14 19:03:12 +02:00
passt/contrib/selinux
Stefano Brivio e5575743d9 selinux: Drop user_namespace create allow rules
Those are incompatible with current el9 kernels. I introduced them
upstream with commit 62059058cf ("selinux: Fix user namespace
creation after breaking kernel change"), in turn as a result of
kernel commit ed5d44d42c95 ("selinux: Implement userns_create hook"),
but on current el9 kernels (which lack the hook) they result in
failures such as:

  Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/passt/cil:103
  Failed to resolve AST
  /usr/sbin/semodule:  Failed!
  Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/pasta/cil:104
  Failed to resolve AST
  /usr/sbin/semodule:  Failed!

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-04-02 14:32:10 +11:00
..
passt-repair.fc Introduce passt-repair 2025-02-04 01:28:04 +01:00
passt-repair.te Introduce passt-repair 2025-02-04 01:28:04 +01:00
passt.fc selinux: Use explicit paths for binaries in file context 2023-08-18 13:18:45 +02:00
passt.if passt: Relicense to GPL 2.0, or any later version 2023-04-06 18:00:33 +02:00
passt.te selinux: Drop user_namespace create allow rules 2025-04-02 14:32:10 +11:00
pasta.fc selinux: Use explicit paths for binaries in file context 2023-08-18 13:18:45 +02:00
pasta.te selinux: Drop user_namespace create allow rules 2025-04-02 14:32:10 +11:00